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Abstract. We present a complete, certificate-based decision procedure 
for first-order univariate polynomial problems in Isabelle m- It is built 
around an executable function to decide the sign of a univariate polyno¬ 
mial at a real algebraic point. The procedure relies on no trusted code 
except for Isabelle’s kernel and code generation. This work is the first 
step towards integrating the MetiTarski theorem prover [I] into Isabelle. 


1 Introduction 

Nonlinear polynomial systems are ubiquitous in science and engineering. As real- 
world applications of formal verification continue to grow and diversify, there 
is increasing need for formal tools to provide automation for reasoning about 
nonlinear systems over the reals. To ensure correctness, one can develop and 
verify such automation within a proof assistant. To be efficient, one can take 
a certificate-based approach, delegating expensive computations to untrusted 
external tools whose output is used to guide the verified proof tool. 

We have built an Isabelle/HOL [T7] tactic that is complete for univariate 
polynomial problems over the reals 0. As it proceeds, this tactic calls an external 
program to obtain a real algebraic certificate decomposing K into finitely many 
regions. A subsidiary tactic then uses techniques based on the Sturm-Tarski 
Theorem to verify this decomposition and transform it into a formal proof. For 
example, the theorem 

Vcc. (cc^ > 2 A — 2x^ -|-l>0)Va;<2 

can be proved simply by applying the tactic uiiiv_rcf. It calls an external tool to 
obtain a proof certificate, which it gives to the univ^rcf^cert tactic for checking. 
Once this occurs, the uiiiv_rcf_cert incantation can be recorded in a proof script, 
removing the future need to call the external tool: 

uuiv_rcf_cert " [Arep [:-2, 0, 1:] (-2) (- 1/3), Rat 1, Arep [:-2, 0, 1:] 
(7/6) (19/12), Rat 2]" 

® Code is available from https://bitbucket.org/liwendal990/univ_rcf-cade-25 



The certificates can easily be produced by any program that does cylindrical 
algebraic decomposition (CAD). For now, we are using the certificate producing 
implementation of univariate CAD that we have written within the MetiTarski 
theorem prover [T]. 

The mathematical basis of our approach is the Sturm-Tarski theorem (Sect.[5|), 
which generalizes Sturm’s theorem. We use Sturm-Tarski to build a decision 
procedure to decide the sign of a univariate polynomial at a real algebraic 
point (Sect.HHS]). For existential cases, the certificate taken by univ_rcf_cert 
is a real algebraic number that satisfies the quantifier free part of the formula, 
and univ_rcf_cert computationally checks that by invoking the sign determina¬ 
tion procedure. For universal cases, the certificate taken by univ^rcf.cert is a 
list of roots of polynomials in the formula, and m 2 iv_rcf_cert verifies the com¬ 
pleteness of this list and checks the truth value of the quantifier free part of the 
formula at sample points from regions partitioned by these roots. 

One of our motivating goals is the eventual integration of MetiTarski [1] into 
Isabelle/HOL (cf. Sect. [71). A key difficulty in checking MetiTarski’s proofs is its 
use of a decision procedure for polynomial systems. The present work is a first 
step towards a framework for verifying MetiTarski proofs. 

2 The Sturm-Tarski Theorem 

Sturm’s theorem provides an effective method to count the number of unique 
real roots of a polynomial P has in a given real interval. Such root counting forms 
the computational basis of many core real algebraic operations, including root 
isolation and sign determination. We shall cover these applications in Sections [4] 
andjS] The Sturm-Tarski theorem generalises Sturm’s theorem to allow queries 
concerning a second polynomial Q at the roots of P [Ml p. 309]. The Sturm- 
Tarski theorem is the mathematical crux of our work. We shall first prove Sturm- 
Tarski and then use it to obtain Sturm’s theorem as a special case. 


2.1 Notation and Terminology 

We write R for the extended reals K U {—oo,oo}, where the four arithmetic 
operations are expended to ±oo in a straightforward way. The set (ring) of 
polynomials with real coefficients over the variable X is written R[A]. 


2.2 Basic Definitions 

The notion of a Tarski query [2] is fundamental to the Sturm-Tarski theorem. 
Intuitively, the Tarski query of (Q, P, a, b) paints a high-level picture of the be¬ 
haviour of Q at the roots of P over the interval (a, b). This information is encoded 
by a natural number expressing the (signed) difference between (i) the number 
of roots of P at which Q is positive, and (ii) the number of roots of P at which 
Q is negative, where the roots of P considered all reside within (a, b). 


Definition 1 (Tarski Query). The Tarski query Ta,Q{Q, P,a,b) is 


TaQ(Q, P, a,b) = ^ sgn(Q(x)) 

xG(a,b),P(x)=0 


where a, 6 G M, P, Q G P ^ 0 and sgn : M —>■ {—1,0,1} is the sign 

function. 

It is not hard to see that a Tarski query can be used to perform sign deter¬ 
mination, i.e., to determine the sign of Q at a specific root a of P, provided we 
know an interval (a, b) containing a and no other roots of P. Moreover, when 
(5=1, the Tarski query TaQ{P,Q,a,b) gives us the number of real roots P 
has in (a, 6). Thus, with Tarski queries, we can both compute the sign of Q at 
any given root of P, and verify whether or not each instance of this question is 
well-defined: that P has a single real root in (a, b). 

The key question is then: How can TaQ{Q, P, a, b) be computed? We seek a 
method for obtaining the value of the Tarski query as, e.g., an algebraic expres¬ 
sion derived from the coefficients of Q and P and the interval endpoints a and 
b. This leads us to the notion of a signed remainder sequence and the number of 
sign variations these sequences contain. 

The signed remainder sequence between two univariate polynomials over a 
field of coefficients is a generalised version of the sequence of intermediate re¬ 
mainders computed by Euclid’s greatest common divisor algorithm. 

Definition 2 (Signed Remainder Sequence). The signed remainder sequence 
between P and Q is 

SRemS(P, (5) = [SRemSo(P, <5), SRemSi(P, (5), ■ •., SRemS„(P, (5)] 

and 

SRemSo(P, <5) = P, 

SRemSi(P, (5) = Q, 

SRemS 2 (P, <5) = — (SRemSo(P, <5) mod SRemSi(P, (5)) 

SRemS„(P, (5) = — (SRemS„_ 2 (P, <5) mod SRemS„_i(P, (5)) 0 

SRemS„+i(P, (5) = — (SRemS„_i(P, (5) mod SRemS„(P, (5)) = 0 

where P,Q & ]R[X] and mod (dvd) is the remainder (quotient) of polynomial 
division, such that 

P = {P dvd Q) Q + [P mod Q) and degree(P mod Q) < degree{Q). 

It is easy to see that SRemS„(P, Q) is the greatest common divisor of P and Q. 



Definition 3 (Sign Variation). Given a polynomial sequence [po,pi,... ,p„] 
(where pi G ]R[V]), the number of sign variations evaluated at point a G K, is 
written Yar{[po,pi,... ,p„];a) and is defined as 

= 0 

{ 1 + Var([pi,p2 ■ • ■ ,Pn];a) 

Var([pi,p2 • • • ,Pn];a) 

Var([po,P 2 , ■ • ■ ,Pn\,a) 

= sgn(lcoef(p)) 

{ sgn(lcoef(p)) i/degree(p) is even 
—sgn(lcoef(p)) otherwise 

where lcoef(p) is the leading coefficient of p. 

Then, the difference in the number of sign variations in sequence [po,pi,... ,pn] 
evaluated at a and b, YaT([po,pi,... ,pn];a,b), is defined as 

Var([po,Pi, • ■ ■,Pn];a, b) = Var([po,Pi, • ■ • ,Pn\,a) - Var([po,Pi, ■ • ■ ,Pn]]b) 


Var([po];a) 

Var([po,Pi,---,P«];a) 

Note that 

sgn{p{oo)) 

sgn(p(-oo)) 


sgn(po(a))sgn(pi(a)) = -1 
sgn(po(a))sgn(pi(a)) = 1 
or sgn(po(a)) = 0 
sgn(pi(a)) = 0 


2.3 Theorem Statement 

We now have everything we need to state the main theorem. Note that Sturm’s 
theorem is the special case of the Sturm-Tarski theorem when Q = 1. 

Theorem 1 (Sturm-Tarski). The Sturm-Tarski theorem is 

TaQ((5, P, a, b) = Var(SRemS(P, P'Q)] a, b) 

where P 0, P,Q € K.[V], P' is the first derivative of P, a, & G M, a < b and 
are not roots of P. 

For example, let Q = a; — 3, P = (x — l)(a; — 2), a = — oo, b = oo. We then 
have 

TaQ(Q, P, a,b) = ^ sgn(Q(x)) 

a:G(a,6),P(a:)—0 

= sgn(Q(l)) -hsgn(Q(2)) 

= -2 


Also, 

Var(SRemS(P, P'Q); a, b) 

3 5 4 

= Var([a;^ — 3x -I- 2, 2a;^ — 9x -I- 9, --x + -, -]; —oo, oo) 

z 2 9 


= 0 - 2 = -2 



Thus, the Sturm-Tarski theorem yields our sought-after method for comput¬ 
ing Tarski queries. This computation proceeds via counting the number of sign 
changes in a particular sequence of generalised remainders evaluated at our in¬ 
terval endpoints. Let us now discuss our proof of the theorem of Isabelle/HOL. 
We shall then turn to how it is used in our tactic for univariate polynomial 
problems in Sect. [51 


3 The Proof and Its Formalisation in Isabelle 

Our proof of the Sturm-Tarski theorem in Isabelle is based on Basu et al. [5] 
and on Cohen’s formalization in Coq [3] . The core idea is based on the functions 
jump and Cauchy index [8]. 

Definition 4. Given P,QG K.[a;] and a; G M, jump(P, Q, x) is defined as 

(-1 if lim„^ 3 ,- = 00 and lim„^ 3 ,+ = -oo 

jump(P, Q,x) = ll if lim„_,. 3 ,- = -oo and lim„_^ 3 ,+ = oo 

[ 0 otherwise 

The corresponding definition in Isabelle is as follows: 

definition jump :: "’a :: {liRordered_idom,topological_space} poly ^ 

’a poly ^’a => int" 
where 

"jump q p x= ( if qf^O A odd((order x p) - (order x q) ) then 
if sign^r^pos (q*p) x then 1 else -1 
else 0 )" 

In this definition, order x p is the multiplicity of x as a root of p, and sign^^pos 
(q*p) X is mathematically equivalent to lim„_,. 2 .+ q{u)p{u) > 0. This definition 
reflects the following reasoning: 

— if g = 0 or order x q > order x p (in this case order x p - order x q = 0 
as order x p is of type nat, hence —<odd(order x p - order x q) ), then q/p 
at X is not a jump, hence jump p q x=0; 

— if order x p - order x q is not zero and even, then q/p is of the same sign 
during the jump at x, hence jump p q x=0; 

— otherwise we can decide the sign of the jump by whether limjj_,. 3 ,+ q(u)p(u) > 
0 holds. 

The Cauchy index cindex a b q p is the sum of the jumps of q/p over the interval 

(a,&): 

definition cindex:: "’a:: {linordered_idom, topological.space} ^ 'a => 

'a poly => ’a poly int" 
where 

"cindex a b q p= (^ x£{x. poly p x=0 A a< xA x< b}. jump q p x) " 


For example, let Q = x — 4 and P = {x — 3)(x — l-Y{x + 1). The graph of Q/P 
is shown in Fig.[TJ We have 


cindex Q P —2 4 = (jump Q P —1) + (jump Q P 1) + (jump Q P 3) 
= l + 0 + (-l) 

= 0 



By case analysis, we can prove a connection between the Tarski query and 
the Cauchy index: 

lemma cindex_taq ; 

fixes p q::"real poly" 
assumes "p^O" 

shows "tag {x. poly px = 0 Aa<xAx<b}q = 
cindex a b (pderiv p * q) p" 

where tag S q is mathematically equivalent to pderiv p is 

the first derivative of p. 

Moreover, the Cauchy index has its own properties: 

lemma cindex_mod: 

fixes p q: : "real poly" 
assumes "p^O" 

shows "cindex a b q p = cindex a b (q mod p) p" 









lemma cindex_cross: 
fixes p q::"real poly" 

assumes "a < b" "poly (p * q) a ^0" "poly (p * q) h ^0" 
shows "cindex a b q p + cindex a b p q = cross (p * q) a b" 

where 

{ 0 if p{a)p{b) > 0 
1 if p{a)p{b) < 0 and p{a) < p{b) 

— 1 if p{a)p{b) < 0 and p{a) > p(b) 

With lemmas ciiidex_mod and cindex.cross, we can derive the following re¬ 
currence relation for cindex: 

lemma cindex^rec: 

fixes p q: : "real poly" 

assumes "a < b" "poly (p * q) a j^O" "poly (p * q) b ^0" 

shows "cindex a b q p = cross (p * q) a b + cindex a b (- (p mod q)) q" 

This result shares the same recurrence structure with the difference of the signed 
remainder sequence evaluated at the same end points: 

lemma changes^itv^smods^rec: 

assumes "a<b" "poly (p*q) a^O" "poly (p*q) bj^O" 
shows "changes^itv^smods a b p q = 

cross (p*q) a b + changes^itv^smods a b q (-(p mod q))" 

where changes^itv^smods a b p q is mathematically equivalent to 

Var(SRemS(p, q);a, b) 

in Theorem [TJ Together with lemma cindex.taq, the connection between signed 
remainder sequences and Tarski queries is established: 

theorem sturm^tarski^interval: 

assumes "a<b" "poly p a/0" "poly p b^O" 
shows "taq {x. poly p x=0 A a<x A x<b} q = 

changes^itv^smods a b p (pderiv p * q) " 

Note, this is just the bounded case of the Sturm-Tarski theorem. We also have 
proved the unbounded and half-bounded cases. □ 

4 Encoding Real Algebraic Numbers 

The real algebraic numbers (KaZg) are the roots of non-zero polynomials with 
integer (equivalently, rational) coefficients. They form a countable, computable 
subfield of the real numbers. Both (R, -b, —, x, <, 0,1) and {Raig, -b, —, x, <, 0,1) 
are real closed fields (RCFs). As RCF is a complete theory, these two structures 
are elementarily equivalent. Unlike M, arithmetic over M.aig is computable. During 
the execution of real algebraic decision methods based on CAD, one computes 


concretely over Raig and appeals implicitly to the elementary equivalence to 
carry the results over to R as a whole. 

A real algebraic number a can be encoded as a polynomial p and an interval 
/ C R. such that a is the only root of p residing in /. In this section, we formalize 
this encoding by building a new constructor of type rat poly rat => rat 
=> real for real numbers. This constructor directly embeds the real algebraic 
numbers into the reals. 

As Isabelle uses Cauchy sequences to represent real numbers, our first step 
is to convert an encoding of a real algebraic number into a Cauchy sequence 
through bisection. The given interval is cut in half, and the root is located in 
the half where the sign of the polynomial changes. 

fun to_cauchy: : "rat poly X rat X rat => nat rat" where 
"to^cauchy C, lb, ub) 0 = (Ib+ub)/2" I 
"to_cauchy (p, lb, ub) (Sue n) = ( 
let c=(lb+ub)/2 

in if poly p lb * poly p c <0 then to^cauchy (p, lb, c) n 

else to_cauchy (p, c, ub) n)" 

We then define a new constructor for real numbers: 

definition Alg: : "rat poly rat => rat real" where 
"Alg p lb ub = (if valid_alg p lb ub 

then Real (to^cauchy (p,lb,ub)) 
else undefined)" 

Here valid_alg p lb ub is true if and only if p(lb)p{ub) < 0 and p has exactly 
one real root within the interval {lb,ub), whence lb < ub. Real is the abstraction 
function of type real ; it builds a real number based on its underlying represen¬ 
tation as a Cauchy sequence of type nat rat. 

Finally, we prove that Alg p lb ub is a root of p within the interval {lb, ub). 

lemma alg_bound_and_root; 

fixes p::"rat poly" and lb ub::rat 
assumes "valid.alg p lb ub" 

shows "lb<Alg p lb ub" and "Alg p lb ub<ub" and 
"poly p (Alg p lb ub) = 0" 


5 Sign of a Polynomial at a Real Algebraic Point 

With the constructor defined in the previous section, we can encode \/2 as Alg 
[:-2,0,l:] 0 2. This is valid because is the only real root of the polynomial 
— 2 (encoded as [:-2,0,l:]) within the interval (0,2). 

We can decide the sign of a polynomial at a real algebraic point using the 
Sturm-Tarski theorem. Suppose an real algebraic number a is encoded as Alg 
p lb ub. If valid.alg p lb ub is true, we can be sure a is the only root of p 



within the interval {lb,ub). In this case, the sign of the polynomial q aX a can 
be computed as 

sgn(g(a)) = ^ sgn{q{x)) 

x£{lb,ub),p{x)—0 

= TaQ(( 7 ,p, lb, ub) 

= Var(SRemS(p,p'( 7 ); a, 5). 

In Isabelle, we define a constant sgn_at q x as the sign of polynomial q at x: 

definition sgn_at: : "real poly real => real" where 
"sgi2_at q X = sgn (poly q x)" 

We can then prove the following code equation for sgn_at : 

lemma sgii_at_code_algfcodeJ; "sgn.at q (Alg p lb ub) = ( 
if valid_alg p lb ub then 

of^int (changes^itv^smods lb ub (realjpoly p) (pderiv (realjpoly p) 

* q)) 

else sgn (poly q undefined))" 

Note that the right hand side of the equation in the lemma sgii_at_code_alg is ex¬ 
ecutable including valid_alg p lb ub, which also uses the Sturm-Tarski theorem 
to check if p contains exactly one real root within (lb, ub). 

Using the lemma sgii_at_code_aIg, the term sgn_at q x becomes executable 
when X has the form Alg _ _ The Isabelle command 

value "sgi 2 _at [:-l,l:] (Alg [:-2,0,l:] 0 2)" 

produces 1: Isabelle can determine a: — I is positive at \/2. 

6 The Decision Procedure 

Our decision procedure works by checking certificates produced by an external 
untrusted program. The checking process is built around the executable function 
sgn_at. Let us illustrate the procedures through some instructive examples. 

6.1 The Existential Case 

Existential formulas are proved by univ_rcf through the construction and veri¬ 
fication of explicit real algebraic numbers witnessing them. For example, when 
uni v_rcf is applied to 

lemma "3x;;real. x*x = 2 A x*x*x>2.5" 

the tactic invokes our external tool to construct a witness certifying the truth of 
the lemma. This certificate is of the form " [Arep [:-2,0,1:] 0 2]" representing 
This certificate is then handed to our companion tactic, resulting in the 
tactic application uiiiv_rcf_cert "[Arep [:-2,0,l:] 0 2]". 

When invoked, univ^rcf.cert first transforms the original problem into the 
logically equivalent form 



3x. sgii_at [:-2,0,1:] x = 0 Asgn.at [: -2.5,0,0,1 :J x = 1 

After that, the formula above is proved by computationally checking two signs: 

sgn_at [:-2,0,l:] (Alg [:-2,0,1:] 0 2) = 0 
sgn.at [:-2.5,0,0,l:] (Alg [:-2,0,l:] 0 2) = 1 

This computational checking is made possible by the Isabelle code equations we 
have derived for sgn.at (cf. Sect. [5]). These code equations give Isabelle a way 
to “compile” our verified sign determination function, execute it efficiently, and 
reflect its computed results back as theorems within Isabelle/HOL. 

6.2 The Universal Case 

The decision procedure also transforms the universal problem 
lemma " fV x; ; real. x*x - 2>0 V x < 2) " 
into an equivalent form: 

Vx. sga.at [:-2,0,1:] x = 1 A sgii.at [:-2,l:] x = -1 

After that, our decision procedure expects a list of all roots of the polynomials 
in the formula. In this case, the roots are —\/2, ^/2 and 2: 

[Arep [:-2, 0, 1:] (-2) (-1/3), Arep [:-2, 0, 1:] (7/6) (19/12), Rat 2] 

These roots will be computationally checked to ensure (i) they are all distinct 
roots of the polynomials via sgn.at, and (ii) to count the total number of real 
roots of a polynomial, ensuring the list of roots is complete via Sturm’s theo¬ 
rem. Once this list of roots is proved to be complete, we can conclude that the 
roots partition M into disjoint regions (subsets) such that the truth value of the 
quantifier-free part of the formula is invariant over each region. In our running 
example, R is decomposed as 

R = (- 00 , -V2) U {-\/2} U V2) U {^2} U (^2, 2) U {2} U (2, oo). 

By choosing a sample point from each region, we can convert the unbounded 
universal formula into a bounded one, which can be evaluated directly. In this 
case, the bounded universal formula could be 

Vx G {-2, Alg [:-2,0,1:] -2 0, 0, Alg [:-2,0,l:] 0 2, 1.5, 2, 3}. 
sgn_at [:-2,0,1:] x = 1 A sgn_at [:-2,l:] x = -1 

6.3 Linking to an External Solver 

Certificates for both existential and universal can be produced by any program 
performing univariate CAD. For now, we are using the certificate producing 
implementation of univariate CAD in MetiTarski. 

When called, univ^rcf will first transform the problem into the input format 
of MetiTarski, and then invoke MetiTarski in a special mode to produce the 


necessary certificate for univ_rcf_cert. Once this is done, we only need to use 
uiiiv_rcf_cert together with the certificate to repeat the proof, and no longer 
need to call MetiTarski again. 

This division of labour between the external solver and our Isabelle/HOL 
tactic follows the classical certificate-based approach (e.g. John Harrison’s sums- 
of-squares approach m) of separating the search aspects of a decision procedure 
from the verification of its results. 

Real root isolation can be computationally expensive, especially for polyno¬ 
mials of high degree, large bit-width, or whose roots are very close together. It is 
not terribly uncommon for highly tuned implementations of real root isolation 
to run out of resources on particularly challenging univariate problems arising 
in MetiTarski proofs. 

Thus, we wish to delegate this expensive part of our procedure to highly 
tuned external tools as much as possible. These tools can utilise as many clever 
optimisations, tricks and heuristics that they want. All we need to do to check 
their results is: (i) count the total number of unique real roots a polynomial has 
on the real line, and (ii) verify that precisely this number of unique roots was 
isolated by the external tool. In this way, we completely insulate ourselves from 
the search process. 


7 Discussion and Applications 


One of our driving motivations is the integration of MetiTarski with Isabelle. 
MetiTarski [1] is a first-order theorem prover for real number inequalities involv¬ 
ing transcendental functions such as sin, tan and exp. It can automatically prove 
formulas like 


Va; G (0,1.25) => tan(a;)^ < 1.75 x 10 ^ -I- tan(l) tan(a;^) 


Va; > 0 


1 - e-2^ 
2x(l — 


1 1 
^ - 12 


Vx G (0,1) ^ 1.914 


\/l + X — \/l — X 

4 -|- \/l -|- X -\- \/l — : 


< 0.01-f 


2 + VT^. 


The main idea behind MetiTarski is to approximate transcendental functions by 
polynomial or rational function bounds, and then solve the formula by a combin- 
ination of a resolution theorem proving and an external Real Closed Field (RCF) 
decision procedure (QEPCAD, Mathematica or Z3). MetiTarski is a version of 
Joe Hurd’s Metis prover [12], modified to include arithmetic simplification and 
integration with RCF decision procedures, along with many other refinements. 

Applications of MetiTarski include verification problems arising in air traffic 
control [B] and analog circuit designs [1] . As some of the applications are safety 
critical, it is natural to consider to integrate MetiTarski with an existing interac¬ 
tive theorem prover, whose internal logic can be used to ensure the correctness of 
MetiTarski’s proofs. Besides, the automation provided by MetiTarski is generally 
useful to interactive theorem provers. 










MetiTarski has been integrated with the PVS theorem prover [TB] as a trusted 
oracle [S]. The authors state that the automation introduced by MetiTarski 
for closing sequents containing real-valued functions considerably outperforms 
existing tactics in PVS. However, this tactic should not be used in a certification 
environment, where external oracles are not allowed. 

Our eventual goal is to integrate MetiTarski into the Isabelle/HOL [T7] the¬ 
orem prover. Isabelle can verify purely logical inferences (in fact, it contains 
an internal copy of the Metis theorem prover), and the third author has just 
formalized most of the bounds of transcendental functions used by MetiTarski 
[19] . The primary remaining hurdle is the RCF decision procedure, and the work 
presented here is the first step towards it. 

Finally, let us say a bit about how our work might be generalised to multi¬ 
variate problems. The root isolation and sign determination algorithms underly¬ 
ing our tactic are necessary for general multivariate CAD-based real quantifier 
elimination, and particularly for the real algebraic number computations, which 
typically consume most of the processing time. By building a framework for effi¬ 
cient certificate-based root isolation within a verification environment, we have 
the beginnings of a solid and practical foundation for multivariate CAD. 

That said, a multivariate generalisation of our work requires a certificate- 
based approach to CAD in general. Unfortunately, it is not obvious to us where 
the clear separation between search and verification should be in the multivariate 
case. As the bivariate case is considerably simpler than the general multivariate 
case, we plan to work on that next. The key question we hope to answer is: What 
is a certificate for a bivariate CAD? 


8 Related Work 

Our work is greatly inspired by Cyril Cohen’s PhD thesis [5], within which the 
Sturm-Tarski theorem and real algebraic numbers are formalized in the Coq 
theorem prover. However, our goals and approaches are very different. 

Cohen’s work is part of a large project that has formalized the Feit-Thompson 
theorem (odd order theorem) in Coq [9], and focuses more on theoretical devel¬ 
opments than we do. For example, they proved the Sturm-Tarski theorem to 
construct an RCF quantifier elimination procedure in the spirit of Tarski’s origi¬ 
nal method, which has important theoretical properties but is not practical as a 
proof procedure. Moreover, he has formalized arithmetic on real algebraic num¬ 
bers and shown that they form a real closed field via resultants. We have not 
formalized resultants at all. Our sign determination algorithm uses the Sturm- 
Tarski theorem, which is significantly more efficient in practice than using resul¬ 
tants. On the other hand, as it was unnecessary for our proof procedure, we have 
not proved in Isabelle that the real algebraic numbers form a real closed field. 
In general, compared to his work, ours stresses the practical side over the theo¬ 
retical. Fundamentally, we want to build decision procedures to solve non-trivial 
problems in practice. 


Decision procedures based on Sturm’s theorem have been implemented in 
Isabelle and PVS before [71 Hg. Their core idea is to count the number of real 
roots within a certain (bounded or not) interval. Generally, they can only handle 
formulas involving only single polynomial, so they are not complete for first- 
order formulas. Moreover, they have not engaged external tools to undertake 
the expensive process of isolating roots as we do. 

The very recent work by Narkawicz et al. m is the most similar to ours, 
and was done concurrently. They have formalized the Sturm-Tarski theorem 
(which they call Tarski’s theorem) and turned it into a decision procedure. The 
main difference between their work and ours is that their decision procedure 
uses linear algebra and resembles Cohen’s quantifier elimination in Coq but only 
for the univariate case, while our work follows the idea of cylindrical algebraic 
decomposition by introducing real algebraic numbers and does not involve with 
linear algebra. Secondly, their procedure does not rely on certificates produced 
by external programs, while we do. Thirdly, their procedure seems not to be able 
to handle arbitrary boolean expressions, but we believe it should not be hard 
to overcome. In the long term, we both want to build a verified RCF decision 
procedure into theorem provers (PVS or Isabelle), and we both treat our current 
work as the first step towards it. 

Assia Mahboubi m has implemented the executable part of a CAD decision 
procedure in Coq, but as far as we know the correctness proof for her imple¬ 
mentation is still ongoing. This is also one of the reasons for us to choose the 
certificate-based approach rather than directly verifying an implementation. 

There are other methods to handle nonlinear polynomial problems in theorem 
provers, such as sum of squares [10], which is good for multivariate universal 
problems but is not applicable when the existential quantifier arises, and interval 
arithmetic [niio], which is very efficient for some cases but is not complete. 
These methods and ours should be used in a complementary way. 


9 Conclusion 


We have described our work of building a complete certificate-based decision 
procedure for first-order univariate polynomial problems in Isabelle. This is a first 
step towards integrating MetiTarski into Isabelle. The next step is to enable our 
tactics to handle univariate problems involving transcendental functions. After 
that, we will proceed to the multivariate cases. 
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